-
chrony (3.2-4ubuntu4.5) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-14367.patch: add functions for common file
operations and switch to new util file functions in
logging.c, main.c, sysincl.h, util.c, util.h.
- CVE-2020-14367
* Fix test for NTP era split
- debian/patches/test-fix-util-unit-test-for-NTP-era-split.patch: in
test/unit/util.c.
-- <email address hidden> (Leonidas S. Barbosa) Tue, 25 Aug 2020 13:42:46 -0300
-
chrony (3.2-4ubuntu4.4) bionic; urgency=medium
* fix autopkgtest to continue working in Bionic
- take Eoan's version of d/t/upstream-simulation-test-suite
- use a defined version of clknetsim
- ignore compiler warnings when running make
- d/p/update_processing_of_packet_log.patch: Two new fields have been
added to the packet log, which broke some of the simulation tests.
-- Christian Ehrhardt <email address hidden> Thu, 16 Apr 2020 07:47:40 +0200
-
chrony (3.2-4ubuntu4.3) bionic; urgency=medium
* d/postrm: gracefully ignore issues on starting systemd-timesyncd
(LP: #1872183)
-- Christian Ehrhardt <email address hidden> Wed, 15 Apr 2020 09:06:43 +0200
-
chrony (3.2-4ubuntu4.2) bionic; urgency=medium
* d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
the service on newer kernels by falling back to urandom.
(LP: #1787366, Closes: #906276)
-- Christian Ehrhardt <email address hidden> Mon, 20 Aug 2018 11:36:18 +0200
-
chrony (3.2-4ubuntu4.1) bionic; urgency=medium
* debian/usr.sbin.chronyd:
- Support all paths suggested in the man page.
(LP: #1771028, Closes: #898614)
-- Christian Ehrhardt <email address hidden> Wed, 23 May 2018 16:22:13 +0200
-
chrony (3.2-4ubuntu4) bionic; urgency=medium
* d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
* Notify chrony to update sources in response to systemd-networkd
events (LP: #1718227)
- d/links: link dispatcher script to networkd-dispatcher events routable
and off
- d/control: set Recommends to networkd-dispatcher
- d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
- d/p/lp-1718227-nm-dispatcher-for-networkd.patch
-- Christian Ehrhardt <email address hidden> Mon, 16 Apr 2018 17:04:06 +0200
-
chrony (3.2-4ubuntu3) bionic; urgency=medium
* debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
-- Christian Ehrhardt <email address hidden> Thu, 05 Apr 2018 09:38:10 +0200
-
chrony (3.2-4ubuntu2) bionic; urgency=medium
* Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
- d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
When dropping the root privileges, don't try to keep the CAP_SYS_TIME
capability if the -x option was enabled. This allows chronyd to be
started without the capability (e.g. in containers) and also drop the
root privileges.
- debian/chrony.service: allow the service to run without CAP_SYS_TIME
- debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
- debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off).
- debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
containers on a default installation and avoid failing to sync time (or
if allowed to sync, avoid multiple containers to fight over it by
accident).
- debian/install: make chronyd-starter.sh available on install.
- debian/docs, debian/README.container: provide documentation about the
handling of this case.
* debian/chrony.conf: update default chrony.conf to not violate the policy
of pool.ntp.org (to use no more than four of their servers) and to provide
more ipv6 capable sources by default (LP: #1754358)
-- Christian Ehrhardt <email address hidden> Fri, 16 Mar 2018 12:25:44 +0100
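The fallback described in the 3.2-4ubuntu2 entry above, as an added sketch (not the package's debian/chronyd-starter.sh): it decides whether chronyd should get -x from the effective capability mask, container detection and SYNC_IN_CONTAINER. The function names are hypothetical, and treating SYNC_IN_CONTAINER=yes as disabling the fallback entirely is an assumed reading of "to not fall back".

```shell
#!/bin/sh
# Added sketch; NOT the contents of debian/chronyd-starter.sh.
# CAP_SYS_TIME is capability number 25 in <linux/capability.h>.
CAP_SYS_TIME_BIT=25

# has_cap_sys_time HEXMASK: succeed if the CapEff mask grants CAP_SYS_TIME.
has_cap_sys_time() {
    [ $(( (0x${1:-0} >> CAP_SYS_TIME_BIT) & 1 )) -eq 1 ]
}

# current_capeff: effective capability mask of this process, as hex.
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null
}

# in_container: "yes" if systemd-detect-virt reports a container, else "no".
in_container() {
    if command -v systemd-detect-virt >/dev/null 2>&1 &&
       systemd-detect-virt --container --quiet; then
        echo yes
    else
        echo no
    fi
}

# chronyd_extra_opts CAPEFF IN_CONTAINER SYNC_IN_CONTAINER
# Prints "-x" when chronyd should not try to control the system clock.
chronyd_extra_opts() {
    capeff=$1 container=$2 sync_in_container=$3
    # Assumption: SYNC_IN_CONTAINER=yes means the admin opted out of any fallback.
    [ "$sync_in_container" = "yes" ] && return 0
    if [ "$container" = "yes" ] || ! has_cap_sys_time "$capeff"; then
        echo "-x"
    fi
}

# Report the decision for the current environment (chronyd is not started).
echo "extra chronyd options: $(chronyd_extra_opts "$(current_capeff)" \
    "$(in_container)" "${SYNC_IN_CONTAINER:-no}")"
```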
-
chrony (3.2-4ubuntu1) bionic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: switch to nss instead of tomcrypt (nss is in main)
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
* Dropped changes (in Debian)
- d/chrony.default, d/chrony.service: support /etc/default/chrony
DAEMON_OPTS in systemd environment (LP: 1746081)
- d/chrony.service: properly start after networking (LP: 1746458)
- d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
* Added Changes:
- debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
(LP: #1751241, Closes: #891201)
-- Christian Ehrhardt <email address hidden> Mon, 26 Feb 2018 14:44:54 +0100
-
chrony (3.2-2ubuntu3) bionic; urgency=medium
* Revert the changes of (LP 1746458) as in the follow on discussion
it became clear that we want it to start early (for example for an
early offset from drift file). If needed chrony will later on pick
up that servers are online via retries (augmented by hooks on network
events).
-- Christian Ehrhardt <email address hidden> Thu, 08 Feb 2018 10:52:30 +0100
-
chrony (3.2-2ubuntu2) bionic; urgency=medium
* d/control: switch to nss instead of tomcrypt (in main) (LP: #1744072)
* d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
* d/chrony.default, d/chrony.service: support /etc/default/chrony
DAEMON_OPTS in systemd environment (LP: #1746081)
* d/chrony.service: properly start after networking (LP: #1746458)
* d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
-- Christian Ehrhardt <email address hidden> Fri, 19 Jan 2018 09:45:38 +0100
-
chrony (3.2-2) unstable; urgency=medium
* Initial AppArmor profile for chronyd. Thanks to Jamie
Strandboge <email address hidden>. (Closes: #888038)
* debian/compat:
- Bump to debhelper compat 11.
* debian/control:
- Bump standard-version to 4.1.3 (no changes required).
- Build depend on debhelper ≥ 11.
- Set “Rules-Requires-Root: no”.
- Move Vcs-* to salsa.debian.org.
* debian/copyright:
- Add myself as a copyright holder for 2018.
* debian/postinst:
- Don’t force removal of cron file since it doesn’t exist anymore.
* debian/preinst:
- Update the chrony version on which to act.
- Add the debhelper token.
* debian/usr.sbin.chronyd:
- Improve AppArmor profile to support more chronyd features and ease
portability with other distros.
-- Vincent Blut <email address hidden> Sun, 28 Jan 2018 19:33:46 +0100
-
chrony (3.2-1ubuntu3) bionic; urgency=medium
* debian/preinst: add #DEBHELPER#. Thanks to Vincent Blut
-- Jamie Strandboge <email address hidden> Tue, 23 Jan 2018 16:54:49 +0000
-
chrony (3.2-1ubuntu2) bionic; urgency=medium
* debian/usr.sbin.chronyd: incorporate in progress changes from Debian,
thanks to Vincent Blut
-- Jamie Strandboge <email address hidden> Mon, 22 Jan 2018 22:53:57 +0000
-
chrony (3.2-1ubuntu1) bionic; urgency=medium
* add AppArmor profile for /usr/sbin/chronyd:
- add debian/usr.sbin.chronyd AppArmor profile
- debian/control: Build-Depends on dh-apparmor
- debian/dirs: create etc/apparmor.d/force-complain
- debian/install: install debian/usr.sbin.chronyd
- debian/preinst: force-complain on upgrade before this version
- debian/rules: install apparmor profile with dh_apparmor
-- Jamie Strandboge <email address hidden> Mon, 22 Jan 2018 19:48:29 +0000
-
chrony (3.2-1build1) bionic; urgency=medium
* No-change rebuild against latest libtomcrypt
-- Jeremy Bicha <email address hidden> Sat, 04 Nov 2017 11:47:42 -0400
-
chrony (3.2-1) unstable; urgency=medium
* Import upstream version 3.2:
- Please see /usr/share/doc/chrony/changelog.gz for the release notes.
-- Vincent Blut <email address hidden> Fri, 15 Sep 2017 11:37:10 +0200
-
chrony (3.1-5) unstable; urgency=medium
* debian/chrony.if-up:
- Do not pass the “burst” command to chronyc as the script could return an
error in certain situations. As a consequence, that would prevent ifupdown
from writing the current state of the interfaces in /run/network/ifstate.
Thanks to John Eikenberry <email address hidden> for reporting that issue.
(Closes: #868491)
* debian/chrony.ppp.ip-up:
- Take the same action as for the “chrony.if-up” script as a precautionary
measure.
-- Vincent Blut <email address hidden> Mon, 17 Jul 2017 16:47:56 +0200